rpm operating system command injection vulnerability
rpm is a command-line package management tool maintained by the rpm project. It is used for installing, uninstalling, verifying, querying, and updating software packages on Linux systems. rpm is affected by an operating system command injection vulnerability. This vulnerability arises...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as a result of Trivy's GitHub Actions compromise, and malicious versions were released on npm. They contain malicious code, and its content was NOT yet...
MiracleLinux 4 : rpm-4.8.0-59.0.2.AXS4 (AXSA:2021-2775:09)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2775:09 advisory. rpm: Signature checks bypass via corrupted rpm package CVE-2021-20271 Tenable has extracted the preceding description block directly from the MiracleLinux...
EUVD-2026-1159
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...
EUVD-2025-202813
Malicious code in elf-stats-evergreen-satchel-868 npm...
EUVD-2025-84294
Malicious code in shrillflamingoz3n npm...
Security Bulletin: AIX/VIOS is vulnerable to a memory corruption issue (CVE-2025-6965) due to RPM
Summary Vulnerability in RPM could allow an attacker to cause a memory corruption issue CVE-2025-6965. RPM is used by AIX for package management. Vulnerability Details CVEID:CVE-2025-6965 DESCRIPTION: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate term...
EUVD-2022-29429
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2010-2198
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deleti...
PT-2025-21150 · Yggdrasil · Yggdrasil
Name of the Vulnerable Software and Affected Versions: Yggdrasil affected versions not specified Description: A flaw was found in Yggdrasil, which acts as a system broker, allowing processes to communicate with its child "worker" processes through the DBus component. Yggdrasil creates a DB...
CVE-2023-40654
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed...
A vulnerability in the hdrblobInit() function in the lib/header.c component of the RPM package manager allows an attacker to cause a denial of service.
The vulnerability in the hdrblobInit() function in the lib/header.c component of the RPM package manager is an out-of-bounds read (data is read beyond the bounds of the allocated buffer). Exploiting this vulnerability could allow an attacker to cause a denial of service...
SUSE CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory...
SUSE CVE-2014-8118
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow...
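The SUSE entry above describes the classic shape of an archive-parsing overflow: a length field taken from the cpio payload is used to size a copy into a fixed buffer. The following is an added illustration, not RPM's own lib/cpio.c, of a minimal newc cpio header parser that bounds the namesize field before it becomes a copy length. The header builder, the sample file names and the CPIO_MAX_NAME limit are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CPIO_NEWC_MAGIC "070701"
#define CPIO_HDR_LEN    110      /* magic (6) + 13 fields of 8 hex chars */
#define CPIO_MAX_NAME   4096     /* assumed upper bound on a path in the archive */

enum cpio_status {
    CPIO_OK = 0, CPIO_BAD_MAGIC = -1, CPIO_BAD_HEX = -2,
    CPIO_BAD_NAMESIZE = -3, CPIO_TRUNCATED = -4
};

struct cpio_entry {
    uint32_t mode;
    uint32_t filesize;
    uint32_t namesize;               /* as declared in the header, incl. NUL */
    char     name[CPIO_MAX_NAME];    /* fixed-size target of the name copy */
};

/* Parse exactly 8 ASCII hex digits. Rejecting non-hex bytes matters: a lenient
 * strtol-style parse would accept signs and spaces and stop early, giving a
 * crafted header more freedom. Eight hex digits cannot overflow uint32_t. */
static int parse_hex8(const unsigned char *p, uint32_t *out)
{
    uint32_t v = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char c = p[i];
        uint32_t d;
        if (c >= '0' && c <= '9')      d = c - '0';
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else return CPIO_BAD_HEX;
        v = (v << 4) | d;
    }
    *out = v;
    return CPIO_OK;
}

/* Parse one newc header plus its file name from buf[0..len). Returns the number
 * of bytes consumed (header + name + padding to 4) or a negative cpio_status. */
long cpio_parse_newc(const unsigned char *buf, size_t len, struct cpio_entry *e)
{
    uint32_t f[13];
    if (len < CPIO_HDR_LEN) return CPIO_TRUNCATED;
    if (memcmp(buf, CPIO_NEWC_MAGIC, 6) != 0) return CPIO_BAD_MAGIC;
    for (int i = 0; i < 13; i++) {
        int rc = parse_hex8(buf + 6 + 8 * i, &f[i]);
        if (rc != CPIO_OK) return rc;
    }
    e->mode = f[1];
    e->filesize = f[6];
    e->namesize = f[11];

    /* The check an overflowing parser lacks: namesize comes straight from the
     * archive and must be bounded before it becomes a copy length. Without it,
     * a namesize such as 0xffffffff drives memcpy past the fixed name[] buffer. */
    if (e->namesize == 0 || e->namesize > CPIO_MAX_NAME) return CPIO_BAD_NAMESIZE;

    /* namesize is now small, so this arithmetic cannot wrap in size_t. */
    size_t total = (CPIO_HDR_LEN + (size_t)e->namesize + 3) & ~(size_t)3;
    if (total > len) return CPIO_TRUNCATED;
    if (buf[CPIO_HDR_LEN + e->namesize - 1] != '\0') return CPIO_BAD_NAMESIZE;

    memcpy(e->name, buf + CPIO_HDR_LEN, e->namesize);
    return (long)total;
}

/* Build a newc header + name (constructed sample input). namesize_override lets
 * a caller write an inconsistent namesize field; 0 means strlen(name)+1. */
size_t cpio_build_newc(unsigned char *out, size_t cap, const char *name,
                       uint32_t mode, uint32_t filesize, uint32_t namesize_override)
{
    size_t real_ns = strlen(name) + 1;
    uint32_t ns = namesize_override ? namesize_override : (uint32_t)real_ns;
    size_t total = (CPIO_HDR_LEN + real_ns + 3) & ~(size_t)3;
    if (total > cap) return 0;
    memset(out, 0, total);
    /* ino, uid, gid, mtime, dev*, check are zero; nlink is 1. */
    int n = snprintf((char *)out, CPIO_HDR_LEN + 1,
                     "%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x",
                     CPIO_NEWC_MAGIC, 0u, mode, 0u, 0u, 1u, 0u, filesize,
                     0u, 0u, 0u, 0u, ns, 0u);
    if (n != CPIO_HDR_LEN) return 0;
    memcpy(out + CPIO_HDR_LEN, name, real_ns);
    return total;
}

int main(void)
{
    unsigned char buf[256];
    struct cpio_entry e;
    size_t n = cpio_build_newc(buf, sizeof buf, "usr/bin/hello", 0100755, 42, 0);
    long rc = cpio_parse_newc(buf, n, &e);
    printf("well-formed: rc=%ld name=%s filesize=%u\n", rc, e.name, (unsigned)e.filesize);
    n = cpio_build_newc(buf, sizeof buf, "usr/bin/hello", 0100755, 42, 0xffffffffu);
    rc = cpio_parse_newc(buf, n, &e);
    printf("namesize=0xffffffff: rc=%ld (%s)\n", rc,
           rc == CPIO_BAD_NAMESIZE ? "rejected" : "accepted");
    return 0;
}
```

The order of the checks is the point: the upper bound on namesize comes before any arithmetic that uses it and before the copy, so neither the padding computation nor memcpy ever sees an attacker-chosen length. A parser that copies first and validates afterwards, or that only checks the total against the input length, still overflows a fixed name buffer.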
Hardcoded credentials
A malicious translator is able to inject JavaScript code in a few translatable strings where HTML is allowed. The code could be executed in the Package Manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...
A vulnerability in the RPM package manager in Red Hat Enterprise Linux operating systems allows an attacker to escalate their privileges.
The vulnerability in the RPM package manager in Red Hat Enterprise Linux operating systems is a race condition. Exploiting this vulnerability could allow an attacker to escalate their privileges...
Google Android Information Disclosure Vulnerability (CNVD-2020-60499)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA). A security vulnerability exists in PackageManager in Android 11, which stems from a missing privilege check and can be exploited by an attacker to leak local information...
USN-4359-1 apt vulnerability
It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash...
USN-2370-1 apt vulnerability
Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions...
DEBIAN-CVE-2012-0214
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool APT 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...